I was reading a recent Information Week article that talks about how end users are moving to the cloud on their own. It was a cautionary article discussing the common concerns about security, where data is sitting and what privacy concerns there may be. While these are valid concerns, I think that this is a good thing overall as long as certain policies are put in place.
If you are not a stranger to enterprise IT, you know how much of a hassle it is to get resources provisioned when you need them. IT seems to have every excuse as to why it will take six weeks to provision a server for your new departmental project, and you have every reason why it needs to be done yesterday. Laziness aside, there are some very good reasons that the provisioning process takes a while. These reasons are all related to security, compliance and policy. What do you do if you need to deploy something fast, and you are able to take slightly more risk than an in-house solution? You turn to the cloud. That is exactly what many users are doing and it is driving IT mad.
Your IT department, and I say this to their chagrin, is there to support you. They are there to provide a service to you as a functional department within a business who drives revenue. Unless you are specifically a tech company, your IT department is not driving revenue. They are a sunk cost. It is a shame how many IT departments just don't get that today. With that being said, there are a myriad of highly skilled people working in IT who know all about system security, compliance and policy. It is their job to be sure that your systems operate within these guidelines.
Here is an eye-opening concept: There are many more people out there, most with more skills than your internal IT department, who do the exact same thing. These individuals also work for large cloud computing providers like Amazon and Google. It is their daily job to make sure that the systems which they run (for their end users) are secure and compliant. They have designed large scale systems (in which you are a tenant within the cloud) which make things like security and compliance much easier. I would even go out on a limb and say that the security and compliance of the large cloud computing vendors is better than 90% of most organizations' own internal security and compliance.
I hope that gives a breath of fresh air to all of the users that are being panicked by the articles about going rogue on your IT department. Are there security concerns when it comes to cloud computing? Of course there are. Are there issues with compliance? Of course there are. Are these concerns being addressed in a solid manner? Of course they are. Most of the problems related to IT security and compliance are within the applications (and development) anyway, so if you are consuming a Platform as a Service (PaaS), that is your responsibility as the developer. If you are consuming a Software as a Service, that is the responsibility of the provider (such as Salesforce.com) and believe me they take that seriously. The repeated attempts at fear mongering about security and compliance within the cloud are usually from uninformed individuals or IT personnel who are concerned about job security.
I want to make this perfectly clear now: I am not saying that cloud computing is a panacea, nor am I saying that the people working for the large cloud computing providers are perfect. What I am saying is that much like flying is statistically safer than driving a car (and a better way to travel), the cloud computing vendors have better security and compliance than most businesses do, and they word hard every day to deliver top notch service to their end users. Can you say this about your internal IT team?
IT personnel need to realize that the cloud is not a threat to them and that they are still needed. Their function will shift over time to help users provision services in the cloud rapidly as well as ensure that the cloud computing vendor operates within security and compliance guidelines. They will monitor performance of the cloud platform and ensure that it delivers as expected. Think of it more as a technical management role than a typical administration role. On the flip side, do they really want to spend all day at a terminal administrating machines? Why not let a robust self-managing infrastructure handle all the boring work and focus on delivering value to the business? That is where the IT mindset needs to shift in this modern era.
So, to sum it all up, moving to the cloud is a great thing for end users and a good thing for IT staff as well. It is a win-win situation if everyone involved can clearly understand their role and the benefits gained from the move. It will also help for everyone to identify the risks and mitigate them as much as possible. The choice isn't whether or not to 'cede control' to the end users. The choice is to evolve with the industry or not. History as taught us that you either evolve or go extinct. The choice is yours.